The FBI on Thursday issued a warning that scammers have been crafting phishing emails that impersonate the agency's Internet Crime Complaint Center (IC3), claiming recipients were recently defrauded, and in some cases even offering restitution if the individuals provide personal information.
Officials with the FBI have identified four variations of this scam, one of which includes an attached text document that purports to be an official form for the recipient to fill out, but actually infects victims with malware.
In this particular example, the spam emails reference an actual arrested Nigerian cybercriminal -- even hyperlinking to news articles about him -- in order to appear credible. The phishing email refers to this individual as a Nigerian national who was arrested in Atlanta in 2014.
"Our records indicate that you have been a victim of fraud because your contact details were found on several devices belong to the perpetrator," the phishing email states, claiming that as a consequence the recipient can claim restitution payments of £1,459,910 (which today equates to more than $2 million).
A second, similar email that teases a $10.5 remuneration payment purports to come from an IC3 director in charge of compensation funds. It warns of unscrupulous banks and courier companies and falsely states that the recipient's name was found in a financial company's database that contains names of victims whose funds were ultimately sent to fraudsters in Nigeria and other countries.
Yet another email pretends to come from an IC3 office in Minnesota and includes a fake case reference number. It states that the recipient's IP address has been referred to IC3 as a possible victim of federal cybercrime and urges the reader to contact the sender by telephone.
"As of December, 2017, the IC3 had received over 100 complaints regarding this scam. No monetary losses have yet to be reported," the FBI reported in its announcement.
Finally, a fourth scam involves a fraudulent IC3 social media page, and instructs recipients to input their personal information in order to report an Internet crime.